2312 lines
71 KiB
JSON
2312 lines
71 KiB
JSON
{
|
|
"id": "d3ebd3d9-2493-4aa2-942b-3118a216b430",
|
|
"realm": "hasura",
|
|
"notBefore": 0,
|
|
"defaultSignatureAlgorithm": "RS256",
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 300,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 1800,
|
|
"ssoSessionMaxLifespan": 36000,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"clientOfflineSessionIdleTimeout": 0,
|
|
"clientOfflineSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 300,
|
|
"oauth2DeviceCodeLifespan": 600,
|
|
"oauth2DevicePollingInterval": 5,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": false,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": false,
|
|
"verifyEmail": false,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": false,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": false,
|
|
"permanentLockout": false,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSeconds": 1000,
|
|
"maxDeltaTimeSeconds": 43200,
|
|
"failureFactor": 30,
|
|
"roles": {
|
|
"realm": [
|
|
{
|
|
"id": "7219280c-2d93-4cb5-9ff9-fa4b639716fd",
|
|
"name": "uma_authorization",
|
|
"description": "${role_uma_authorization}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "d3ebd3d9-2493-4aa2-942b-3118a216b430",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "7fb465bc-beae-431b-8a38-06afa8b4c75c",
|
|
"name": "user",
|
|
"description": "",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "d3ebd3d9-2493-4aa2-942b-3118a216b430",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "b34240e1-92b8-48e9-aaa5-82eecbdcb283",
|
|
"name": "default-roles-hasura",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"composites": {
|
|
"realm": ["offline_access", "uma_authorization"],
|
|
"client": {
|
|
"account": ["manage-account", "view-profile"]
|
|
}
|
|
},
|
|
"clientRole": false,
|
|
"containerId": "d3ebd3d9-2493-4aa2-942b-3118a216b430",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "3ece9760-6a06-4d75-9efc-27164c8253c8",
|
|
"name": "offline_access",
|
|
"description": "${role_offline-access}",
|
|
"composite": false,
|
|
"clientRole": false,
|
|
"containerId": "d3ebd3d9-2493-4aa2-942b-3118a216b430",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"client": {
|
|
"realm-management": [
|
|
{
|
|
"id": "c8c637d4-39a5-4170-8d2f-1aef0a2f9720",
|
|
"name": "query-groups",
|
|
"description": "${role_query-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "e81f684f-c4ff-425e-861d-80507258b321",
|
|
"name": "manage-authorization",
|
|
"description": "${role_manage-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "88d97cbc-e7e1-4561-ad9c-8cf1161a55a0",
|
|
"name": "query-realms",
|
|
"description": "${role_query-realms}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "67063d5f-8023-4be9-8db2-37f81dfeb90b",
|
|
"name": "view-identity-providers",
|
|
"description": "${role_view-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "024c8120-8208-4ad4-b098-27c7c9d549df",
|
|
"name": "view-realm",
|
|
"description": "${role_view-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "a2fe97c7-b0d2-444f-bdba-efb2bfecda0f",
|
|
"name": "create-client",
|
|
"description": "${role_create-client}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "bc2425ed-2269-431c-81f6-eb4401020952",
|
|
"name": "query-users",
|
|
"description": "${role_query-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "a2cb5869-dc32-4373-8a10-71b9132c850e",
|
|
"name": "view-authorization",
|
|
"description": "${role_view-authorization}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "a8b11879-261c-4e4f-8b05-414069988810",
|
|
"name": "manage-identity-providers",
|
|
"description": "${role_manage-identity-providers}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "0810aa4f-a32c-432a-9c16-0374233f17e6",
|
|
"name": "view-clients",
|
|
"description": "${role_view-clients}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": ["query-clients"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "53b48727-828f-406c-aa7e-b0d1c4109d0b",
|
|
"name": "impersonation",
|
|
"description": "${role_impersonation}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "27751c74-74f3-4fbf-b42a-124de7207dc0",
|
|
"name": "manage-clients",
|
|
"description": "${role_manage-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "44c4d09a-8b0e-413e-91a4-c383ef17b345",
|
|
"name": "query-clients",
|
|
"description": "${role_query-clients}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "837d8209-0fbf-406d-a1f4-d3672879fd7c",
|
|
"name": "manage-realm",
|
|
"description": "${role_manage-realm}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "90b904a0-ddf1-4542-902e-f0f0cd4bc23e",
|
|
"name": "manage-users",
|
|
"description": "${role_manage-users}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "49328548-01c4-477e-90e8-5cdec6ede9d2",
|
|
"name": "view-events",
|
|
"description": "${role_view-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "5f381d33-4e28-4b50-87be-0cc0e4887e2f",
|
|
"name": "realm-admin",
|
|
"description": "${role_realm-admin}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": [
|
|
"query-groups",
|
|
"manage-authorization",
|
|
"view-realm",
|
|
"view-identity-providers",
|
|
"query-realms",
|
|
"create-client",
|
|
"view-authorization",
|
|
"query-users",
|
|
"manage-identity-providers",
|
|
"view-clients",
|
|
"impersonation",
|
|
"manage-clients",
|
|
"query-clients",
|
|
"manage-realm",
|
|
"manage-users",
|
|
"view-events",
|
|
"view-users",
|
|
"manage-events"
|
|
]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "13b75adb-cf15-4f02-8c1e-b70bf405b692",
|
|
"name": "view-users",
|
|
"description": "${role_view-users}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"realm-management": ["query-groups", "query-users"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "b5126b18-1e29-4989-a0ce-3350feb02b42",
|
|
"name": "manage-events",
|
|
"description": "${role_manage-events}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"security-admin-console": [],
|
|
"admin-cli": [],
|
|
"account-console": [],
|
|
"broker": [
|
|
{
|
|
"id": "ba86f97b-0032-465d-b52d-06d0cb1514b5",
|
|
"name": "read-token",
|
|
"description": "${role_read-token}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4a3abf8b-7ce0-4eb3-8733-0b76bde3125d",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"account": [
|
|
{
|
|
"id": "8107bb62-629a-4c05-a6b3-9ec05db9feab",
|
|
"name": "manage-consent",
|
|
"description": "${role_manage-consent}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"account": ["view-consent"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "cb761f1a-f422-4292-9f27-aeca063ae6ad",
|
|
"name": "view-applications",
|
|
"description": "${role_view-applications}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "b87631c3-f3bb-4684-825e-53b7b784687d",
|
|
"name": "manage-account",
|
|
"description": "${role_manage-account}",
|
|
"composite": true,
|
|
"composites": {
|
|
"client": {
|
|
"account": ["manage-account-links"]
|
|
}
|
|
},
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "81a519c5-d106-4b4c-986d-3416537d91b6",
|
|
"name": "view-groups",
|
|
"description": "${role_view-groups}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "e563f5f3-e86f-491c-882a-7acc3d84c6f0",
|
|
"name": "view-consent",
|
|
"description": "${role_view-consent}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "4434c108-c594-43e9-b8d4-8ded56196cc5",
|
|
"name": "view-profile",
|
|
"description": "${role_view-profile}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "c342ec0b-6885-4d8d-b036-1aafdc376c06",
|
|
"name": "delete-account",
|
|
"description": "${role_delete-account}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "5c200c4e-fd80-4cd1-8723-562ba7430398",
|
|
"name": "manage-account-links",
|
|
"description": "${role_manage-account-links}",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"attributes": {}
|
|
}
|
|
],
|
|
"hasura": [
|
|
{
|
|
"id": "e971ec56-92a0-4c06-a8a2-a35946852ee6",
|
|
"name": "uma_protection",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4be1cdcc-b0b3-4581-957b-54fa17c0d929",
|
|
"attributes": {}
|
|
},
|
|
{
|
|
"id": "8cbd62f4-daa2-4809-850b-88870e2c70fc",
|
|
"name": "user",
|
|
"description": "",
|
|
"composite": false,
|
|
"clientRole": true,
|
|
"containerId": "4be1cdcc-b0b3-4581-957b-54fa17c0d929",
|
|
"attributes": {}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"groups": [],
|
|
"defaultRole": {
|
|
"id": "b34240e1-92b8-48e9-aaa5-82eecbdcb283",
|
|
"name": "default-roles-hasura",
|
|
"description": "${role_default-roles}",
|
|
"composite": true,
|
|
"clientRole": false,
|
|
"containerId": "d3ebd3d9-2493-4aa2-942b-3118a216b430"
|
|
},
|
|
"requiredCredentials": ["password"],
|
|
"otpPolicyType": "totp",
|
|
"otpPolicyAlgorithm": "HmacSHA1",
|
|
"otpPolicyInitialCounter": 0,
|
|
"otpPolicyDigits": 6,
|
|
"otpPolicyLookAheadWindow": 1,
|
|
"otpPolicyPeriod": 30,
|
|
"otpPolicyCodeReusable": false,
|
|
"otpSupportedApplications": [
|
|
"totpAppGoogleName",
|
|
"totpAppMicrosoftAuthenticatorName",
|
|
"totpAppFreeOTPName"
|
|
],
|
|
"webAuthnPolicyRpEntityName": "keycloak",
|
|
"webAuthnPolicySignatureAlgorithms": ["ES256"],
|
|
"webAuthnPolicyRpId": "",
|
|
"webAuthnPolicyAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyRequireResidentKey": "not specified",
|
|
"webAuthnPolicyUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyCreateTimeout": 0,
|
|
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyAcceptableAaguids": [],
|
|
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
|
|
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
|
|
"webAuthnPolicyPasswordlessRpId": "",
|
|
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
|
|
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
|
|
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
|
|
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
|
|
"webAuthnPolicyPasswordlessCreateTimeout": 0,
|
|
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
|
|
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
|
|
"users": [
|
|
{
|
|
"username": "username",
|
|
"enabled": true,
|
|
"emailVerified": true,
|
|
"credentials": [
|
|
{
|
|
"type": "password",
|
|
"value": "password"
|
|
}
|
|
],
|
|
"realmRoles": [
|
|
"user",
|
|
"default-roles-hasura"
|
|
],
|
|
"clientRoles": {
|
|
"hasura": [
|
|
"user"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "8728e38e-6b60-44d2-8830-f1e2ad284a02",
|
|
"createdTimestamp": 1692777925764,
|
|
"username": "service-account-hasura",
|
|
"enabled": true,
|
|
"totp": false,
|
|
"emailVerified": false,
|
|
"serviceAccountClientId": "hasura",
|
|
"disableableCredentialTypes": [],
|
|
"requiredActions": [],
|
|
"realmRoles": ["user", "default-roles-hasura"],
|
|
"clientRoles": {
|
|
"hasura": ["uma_protection"]
|
|
},
|
|
"notBefore": 0,
|
|
"groups": []
|
|
}
|
|
],
|
|
"scopeMappings": [
|
|
{
|
|
"clientScope": "offline_access",
|
|
"roles": ["offline_access"]
|
|
},
|
|
{
|
|
"clientScope": "hasura",
|
|
"roles": ["user"]
|
|
}
|
|
],
|
|
"clientScopeMappings": {
|
|
"account": [
|
|
{
|
|
"client": "account-console",
|
|
"roles": ["manage-account", "view-groups"]
|
|
}
|
|
]
|
|
},
|
|
"clients": [
|
|
{
|
|
"id": "ce02d0ff-b633-4d79-8a33-2c8241017d72",
|
|
"clientId": "account",
|
|
"name": "${client_account}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/hasura/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/realms/hasura/account/*"],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "101df256-3450-4b5c-8d0f-d29b531e3499",
|
|
"clientId": "account-console",
|
|
"name": "${client_account-console}",
|
|
"rootUrl": "${authBaseUrl}",
|
|
"baseUrl": "/realms/hasura/account/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/realms/hasura/account/*"],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+",
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "b06a98d0-6d91-4260-9406-aea123f842dc",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "db12bda8-7624-46cc-a84f-9c83cf99b370",
|
|
"clientId": "admin-cli",
|
|
"name": "${client_admin-cli}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": false,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "4a3abf8b-7ce0-4eb3-8733-0b76bde3125d",
|
|
"clientId": "broker",
|
|
"name": "${client_broker}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "4be1cdcc-b0b3-4581-957b-54fa17c0d929",
|
|
"clientId": "hasura",
|
|
"name": "Hasura",
|
|
"description": "",
|
|
"rootUrl": "",
|
|
"adminUrl": "",
|
|
"baseUrl": "",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "oMtCPAV7diKpE564SBspgKj4HqlKM4Hy",
|
|
"redirectUris": ["http://localhost:3000/*"],
|
|
"webOrigins": ["http://localhost:3000"],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": true,
|
|
"authorizationServicesEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": true,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"client.secret.creation.time": "1692777925",
|
|
"backchannel.logout.session.required": "true",
|
|
"backchannel.logout.revoke.offline.tokens": "false"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "c4016925-f659-455a-9cdb-29bba88327e9",
|
|
"name": "Client ID",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "client_id",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "client_id",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "e80e0f4c-cd0d-4bb8-a1e4-108a49f4d1a7",
|
|
"name": "Client Host",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientHost",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientHost",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "3cb8ba1a-81f2-42b7-91b0-3fbe29126262",
|
|
"name": "Client IP Address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.session.note": "clientAddress",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "clientAddress",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"hasura",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
],
|
|
"authorizationSettings": {
|
|
"allowRemoteResourceManagement": true,
|
|
"policyEnforcementMode": "ENFORCING",
|
|
"resources": [
|
|
{
|
|
"name": "Default Resource",
|
|
"type": "urn:hasura:resources:default",
|
|
"ownerManagedAccess": false,
|
|
"attributes": {},
|
|
"_id": "088f6856-3491-4600-ac5d-0287da57511c",
|
|
"uris": ["/*"]
|
|
}
|
|
],
|
|
"policies": [
|
|
{
|
|
"id": "f82ec078-33ce-4204-83c9-627a802c0821",
|
|
"name": "Default Policy",
|
|
"description": "A policy that grants access only for users within this realm",
|
|
"type": "role",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"roles": "[{\"id\":\"default-roles-hasura\",\"required\":false}]"
|
|
}
|
|
},
|
|
{
|
|
"id": "2cad4a9f-b0f6-4067-98a7-4f42ed5e33ef",
|
|
"name": "Default Permission",
|
|
"description": "A permission that applies to the default resource type",
|
|
"type": "resource",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"defaultResourceType": "urn:hasura:resources:default",
|
|
"applyPolicies": "[\"Default Policy\"]"
|
|
}
|
|
}
|
|
],
|
|
"scopes": [],
|
|
"decisionStrategy": "UNANIMOUS"
|
|
}
|
|
},
|
|
{
|
|
"id": "5d7dda49-d56d-4c64-8a01-ee5dd5310c81",
|
|
"clientId": "realm-management",
|
|
"name": "${client_realm-management}",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": [],
|
|
"webOrigins": [],
|
|
"notBefore": 0,
|
|
"bearerOnly": true,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": false,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "29f3fff6-2a63-4f7b-9474-d2385f0eff32",
|
|
"clientId": "security-admin-console",
|
|
"name": "${client_security-admin-console}",
|
|
"rootUrl": "${authAdminUrl}",
|
|
"baseUrl": "/admin/hasura/console/",
|
|
"surrogateAuthRequired": false,
|
|
"enabled": true,
|
|
"alwaysDisplayInConsole": false,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"redirectUris": ["/admin/hasura/console/*"],
|
|
"webOrigins": ["+"],
|
|
"notBefore": 0,
|
|
"bearerOnly": false,
|
|
"consentRequired": false,
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"publicClient": true,
|
|
"frontchannelLogout": false,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"post.logout.redirect.uris": "+",
|
|
"pkce.code.challenge.method": "S256"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": false,
|
|
"nodeReRegistrationTimeout": 0,
|
|
"protocolMappers": [
|
|
{
|
|
"id": "795b2582-0f87-46ac-8be0-13518ad27445",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
],
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"acr",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
}
|
|
],
|
|
"clientScopes": [
|
|
{
|
|
"id": "7df17b55-8301-4667-b9f3-41f9520a92cf",
|
|
"name": "offline_access",
|
|
"description": "OpenID Connect built-in scope: offline_access",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "9cf833ae-3238-4aa3-9a9a-bbb8bc3767e3",
|
|
"name": "roles",
|
|
"description": "OpenID Connect scope for add user roles to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${rolesScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "8d49f2bc-7ffc-4ee0-ae71-d82623330caf",
|
|
"name": "client roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "resource_access.${client_id}.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "7e1a84a8-47d0-4cd8-ba0f-dc689588b7ec",
|
|
"name": "realm roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "realm_access.roles",
|
|
"jsonType.label": "String",
|
|
"multivalued": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "807ae7c0-7c18-4d46-b1c6-9d191294bf7b",
|
|
"name": "audience resolve",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-audience-resolve-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "ad8bfcfe-469b-4e72-82ab-2e8b564efc14",
|
|
"name": "acr",
|
|
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "96589cee-a8cc-4919-8b60-00a77a34ff87",
|
|
"name": "acr loa level",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-acr-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "2a8948cb-65cf-4ce4-ae11-fae5d9391fd3",
|
|
"name": "microprofile-jwt",
|
|
"description": "Microprofile - JWT built-in scope",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "6679f3f8-c764-4cd4-ae63-9da31200e7c5",
|
|
"name": "upn",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "upn",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "09a8bf42-8326-40a5-b1d3-0a65fe6236c3",
|
|
"name": "groups",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"user.attribute": "foo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "groups",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "794f2bc0-4b14-4cb3-a7f2-730b2fabc84d",
|
|
"name": "hasura",
|
|
"description": "",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"gui.order": "",
|
|
"consent.screen.text": ""
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "74c7a728-24a3-480e-bbb9-2129bd2dccb1",
|
|
"name": "x-hasura-default-role",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-hardcoded-claim-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"claim.value": "user",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "https://hasura\\.io/jwt/claims.x-hasura-default-role",
|
|
"jsonType.label": "String",
|
|
"access.tokenResponse.claim": "false"
|
|
}
|
|
},
|
|
{
|
|
"id": "b451832d-670a-4e0d-878e-904c2b1598c2",
|
|
"name": "x-hasura-user-id",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "id",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "https://hasura\\.io/jwt/claims.x-hasura-user-id",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "eb62cfc4-ea5f-454a-9c78-384cb5e80373",
|
|
"name": "x-hasura-allowed-roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"userinfo.token.claim": "true",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "https://hasura\\.io/jwt/claims.x-hasura-allowed-roles",
|
|
"jsonType.label": "String",
|
|
"usermodel.clientRoleMapping.clientId": "hasura"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "8321f73d-4f9e-486e-ae03-cde49fc78bc1",
|
|
"name": "role_list",
|
|
"description": "SAML role list",
|
|
"protocol": "saml",
|
|
"attributes": {
|
|
"consent.screen.text": "${samlRoleListScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "56bb56c7-0237-4263-b858-7f9cdba57a1d",
|
|
"name": "role list",
|
|
"protocol": "saml",
|
|
"protocolMapper": "saml-role-list-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"single": "false",
|
|
"attribute.nameformat": "Basic",
|
|
"attribute.name": "Role"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "c2c39673-f405-4fed-81a5-3bc3aa333b8b",
|
|
"name": "email",
|
|
"description": "OpenID Connect built-in scope: email",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${emailScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "01e5705c-f668-476d-8526-7d8851531832",
|
|
"name": "email",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "email",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "66d6d45a-d4ca-4574-bcbe-b26982b4c7f8",
|
|
"name": "email verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "emailVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f03591f6-3ea2-405b-b47c-6eb797ec5926",
|
|
"name": "profile",
|
|
"description": "OpenID Connect built-in scope: profile",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${profileScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "3c61cc63-50f9-4cfb-b45e-422c59161709",
|
|
"name": "full name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-full-name-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "2dfbc3d5-81f1-4160-9b0a-c58fd997fe68",
|
|
"name": "picture",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "picture",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "picture",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "a5e7f48a-219c-4bca-a491-d54e8788d8be",
|
|
"name": "username",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "preferred_username",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "837efb21-32d2-47e5-8b1c-fdf5d3ea17bc",
|
|
"name": "website",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "website",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "website",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "d1200744-27c1-426c-8332-ce4b0c433c50",
|
|
"name": "zoneinfo",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "zoneinfo",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "zoneinfo",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "63eae02f-f44b-4fe6-91f2-a16d096c46db",
|
|
"name": "birthdate",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "birthdate",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "birthdate",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "5cbb20a8-2947-420d-9a5d-1ce4eb928117",
|
|
"name": "given name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "firstName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "given_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "fdb72b90-48f8-4dcf-be77-e246fc77814c",
|
|
"name": "family name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "lastName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "family_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "a61f7495-5229-48a8-a1d2-0596f13d1c06",
|
|
"name": "nickname",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "nickname",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "nickname",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "ac4150b4-0b5f-4187-a81f-21e582fde2b4",
|
|
"name": "profile",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "profile",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "profile",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "2f8cf479-e0f5-49a6-a46b-f4708f60840e",
|
|
"name": "middle name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "middleName",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "middle_name",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "2530d28b-3135-442d-aabe-3dcd20d6370c",
|
|
"name": "locale",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "locale",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "locale",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "68ca4cca-c6d3-4fa4-8079-ee0c81286577",
|
|
"name": "gender",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "gender",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "gender",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "ef95b412-17ff-4ef5-b9e9-8b95f7cc44b3",
|
|
"name": "updated at",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "updatedAt",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "updated_at",
|
|
"jsonType.label": "long"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "8b3ba733-fa23-489f-b954-a0b89fba8b54",
|
|
"name": "web-origins",
|
|
"description": "OpenID Connect scope for add allowed web origins to the access token",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false",
|
|
"consent.screen.text": ""
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "43ee6247-a7fd-4649-8770-5c966a23b831",
|
|
"name": "allowed web origins",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "818f4f96-a63c-4c1d-9251-d999517ede72",
|
|
"name": "address",
|
|
"description": "OpenID Connect built-in scope: address",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${addressScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "f9fbf5ed-195e-44f1-a5d3-6bf64919bb2b",
|
|
"name": "address",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-address-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute.formatted": "formatted",
|
|
"user.attribute.country": "country",
|
|
"user.attribute.postal_code": "postal_code",
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute.street": "street",
|
|
"id.token.claim": "true",
|
|
"user.attribute.region": "region",
|
|
"access.token.claim": "true",
|
|
"user.attribute.locality": "locality"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "e3f2c7fe-ca50-4b01-b999-098c82beb362",
|
|
"name": "phone",
|
|
"description": "OpenID Connect built-in scope: phone",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"display.on.consent.screen": "true",
|
|
"consent.screen.text": "${phoneScopeConsentText}"
|
|
},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "7ae1a4ac-99db-4a27-8f18-f537a8020e4f",
|
|
"name": "phone number",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumber",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "edd5d134-b2c1-47d8-9cc5-3558559cf407",
|
|
"name": "phone number verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "phoneNumberVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "phone_number_verified",
|
|
"jsonType.label": "boolean"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"defaultDefaultClientScopes": [
|
|
"role_list",
|
|
"profile",
|
|
"email",
|
|
"roles",
|
|
"web-origins",
|
|
"acr",
|
|
"hasura"
|
|
],
|
|
"defaultOptionalClientScopes": [
|
|
"offline_access",
|
|
"address",
|
|
"phone",
|
|
"microprofile-jwt"
|
|
],
|
|
"browserSecurityHeaders": {
|
|
"contentSecurityPolicyReportOnly": "",
|
|
"xContentTypeOptions": "nosniff",
|
|
"referrerPolicy": "no-referrer",
|
|
"xRobotsTag": "none",
|
|
"xFrameOptions": "SAMEORIGIN",
|
|
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
|
|
"xXSSProtection": "1; mode=block",
|
|
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
|
|
},
|
|
"smtpServer": {},
|
|
"eventsEnabled": false,
|
|
"eventsListeners": ["jboss-logging"],
|
|
"enabledEventTypes": [],
|
|
"adminEventsEnabled": false,
|
|
"adminEventsDetailsEnabled": false,
|
|
"identityProviders": [],
|
|
"identityProviderMappers": [],
|
|
"components": {
|
|
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
|
|
{
|
|
"id": "e2254ce7-52d6-4450-aa77-5ba2b40b8e26",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"id": "b88f3a6b-b2a8-476d-9433-904ca547f64c",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"saml-user-attribute-mapper",
|
|
"oidc-usermodel-property-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"oidc-full-name-mapper",
|
|
"saml-user-property-mapper",
|
|
"saml-role-list-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"oidc-address-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "d9ba5290-8c0e-4fa7-bf53-afc4fab4ec4b",
|
|
"name": "Allowed Client Scopes",
|
|
"providerId": "allowed-client-templates",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allow-default-scopes": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"id": "1c24034f-5374-4020-b8e2-ba2eb4c0a944",
|
|
"name": "Full Scope Disabled",
|
|
"providerId": "scope",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "e66a399a-317f-42c0-8ec7-9e2ba781a53d",
|
|
"name": "Consent Required",
|
|
"providerId": "consent-required",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {}
|
|
},
|
|
{
|
|
"id": "eec0d3e9-e1e2-41c0-8a03-cc5f06c0f77e",
|
|
"name": "Trusted Hosts",
|
|
"providerId": "trusted-hosts",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"host-sending-registration-request-must-match": ["true"],
|
|
"client-uris-must-match": ["true"]
|
|
}
|
|
},
|
|
{
|
|
"id": "01f2436b-aa02-4f55-ac64-6132dd6ee375",
|
|
"name": "Allowed Protocol Mapper Types",
|
|
"providerId": "allowed-protocol-mappers",
|
|
"subType": "authenticated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"allowed-protocol-mapper-types": [
|
|
"oidc-usermodel-property-mapper",
|
|
"saml-user-property-mapper",
|
|
"oidc-usermodel-attribute-mapper",
|
|
"saml-user-attribute-mapper",
|
|
"oidc-full-name-mapper",
|
|
"oidc-address-mapper",
|
|
"oidc-sha256-pairwise-sub-mapper",
|
|
"saml-role-list-mapper"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "86fe59f0-cb96-4a39-8476-ae092479fb69",
|
|
"name": "Max Clients Limit",
|
|
"providerId": "max-clients",
|
|
"subType": "anonymous",
|
|
"subComponents": {},
|
|
"config": {
|
|
"max-clients": ["200"]
|
|
}
|
|
}
|
|
],
|
|
"org.keycloak.keys.KeyProvider": [
|
|
{
|
|
"id": "796db70c-b8e9-4efa-b225-91d8cc8099ea",
|
|
"name": "rsa-enc-generated",
|
|
"providerId": "rsa-enc-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": ["100"],
|
|
"algorithm": ["RSA-OAEP"]
|
|
}
|
|
},
|
|
{
|
|
"id": "06ed66b9-a1ac-4662-afb4-889d176189b3",
|
|
"name": "hmac-generated",
|
|
"providerId": "hmac-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": ["100"],
|
|
"algorithm": ["HS256"]
|
|
}
|
|
},
|
|
{
|
|
"id": "fc8169fe-cb2b-4edb-befa-fa136215a184",
|
|
"name": "aes-generated",
|
|
"providerId": "aes-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": ["100"]
|
|
}
|
|
},
|
|
{
|
|
"id": "9c40d8de-d867-4f6a-9637-b99500551f15",
|
|
"name": "rsa-generated",
|
|
"providerId": "rsa-generated",
|
|
"subComponents": {},
|
|
"config": {
|
|
"priority": ["100"]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"internationalizationEnabled": false,
|
|
"supportedLocales": [],
|
|
"authenticationFlows": [
|
|
{
|
|
"id": "da3e4aa5-578c-4a70-a0ee-6bd0ac54acd5",
|
|
"alias": "Account verification options",
|
|
"description": "Method with which to verity the existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-email-verification",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Verify Existing Account by Re-authentication",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "489875e5-f48e-484a-8a82-d49e8af1834a",
|
|
"alias": "Browser - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "43d1a926-1785-4391-bf16-519da996ab47",
|
|
"alias": "Direct Grant - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "27d47660-5e77-4732-b781-36e88d2f6baf",
|
|
"alias": "First broker login - Conditional OTP",
|
|
"description": "Flow to determine if the OTP is required for the authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-otp-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "a7d1c2ef-57c8-4907-b21b-0d2df675c9c0",
|
|
"alias": "Handle Existing Account",
|
|
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-confirm-link",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Account verification options",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "5f97b94f-e60d-498e-8874-d719adbcc985",
|
|
"alias": "Reset - Conditional OTP",
|
|
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "conditional-user-configured",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-otp",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "22b24e38-53ff-4788-ae8a-dcbce66819a7",
|
|
"alias": "User creation or linking",
|
|
"description": "Flow for the existing/non-existing user alternatives",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "create unique user config",
|
|
"authenticator": "idp-create-user-if-unique",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Handle Existing Account",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "aa67bda7-bfc9-4cd2-84a5-22e371e89135",
|
|
"alias": "Verify Existing Account by Re-authentication",
|
|
"description": "Reauthentication of existing account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "idp-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "First broker login - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "f9b90830-656d-4378-bd98-c11d8a20295c",
|
|
"alias": "browser",
|
|
"description": "browser based authentication",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-cookie",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "auth-spnego",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "identity-provider-redirector",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 25,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "forms",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "9b00a800-deea-4b4a-b9cb-530886a7098a",
|
|
"alias": "clients",
|
|
"description": "Base authentication for clients",
|
|
"providerId": "client-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "client-secret",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-secret-jwt",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "client-x509",
|
|
"authenticatorFlow": false,
|
|
"requirement": "ALTERNATIVE",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "88c2fd63-c912-4727-8323-63d31333efaf",
|
|
"alias": "direct grant",
|
|
"description": "OpenID Connect Resource Owner Grant",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "direct-grant-validate-username",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "direct-grant-validate-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 30,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Direct Grant - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "12a8d6fe-ad7e-4443-9b40-b8855535def0",
|
|
"alias": "docker auth",
|
|
"description": "Used by Docker clients to authenticate against the IDP",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "docker-http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "c64af03f-9326-4689-ad7e-d804b3fe0d60",
|
|
"alias": "first broker login",
|
|
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticatorConfig": "review profile config",
|
|
"authenticator": "idp-review-profile",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "User creation or linking",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "b0e1e734-a068-4ab1-b643-9ac5e18b54b9",
|
|
"alias": "forms",
|
|
"description": "Username, password, otp and other auth forms.",
|
|
"providerId": "basic-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "auth-username-password-form",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 20,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Browser - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "8978b81a-5145-40bf-9a02-4b9f5c2270cf",
|
|
"alias": "registration",
|
|
"description": "registration flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-page-form",
|
|
"authenticatorFlow": true,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "registration form",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "dd0879d0-a1c7-47dd-8343-5495259359dc",
|
|
"alias": "registration form",
|
|
"description": "registration form",
|
|
"providerId": "form-flow",
|
|
"topLevel": false,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "registration-user-creation",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-profile-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 40,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-password-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 50,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "registration-recaptcha-action",
|
|
"authenticatorFlow": false,
|
|
"requirement": "DISABLED",
|
|
"priority": 60,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "2b5b0164-695d-406a-831d-de8e0864ba8b",
|
|
"alias": "reset credentials",
|
|
"description": "Reset credentials for a user if they forgot their password or something",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "reset-credentials-choose-user",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-credential-email",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 20,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticator": "reset-password",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 30,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
},
|
|
{
|
|
"authenticatorFlow": true,
|
|
"requirement": "CONDITIONAL",
|
|
"priority": 40,
|
|
"autheticatorFlow": true,
|
|
"flowAlias": "Reset - Conditional OTP",
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "b26ac227-95e1-4dea-9673-9cf6f72950d7",
|
|
"alias": "saml ecp",
|
|
"description": "SAML ECP Profile Authentication Flow",
|
|
"providerId": "basic-flow",
|
|
"topLevel": true,
|
|
"builtIn": true,
|
|
"authenticationExecutions": [
|
|
{
|
|
"authenticator": "http-basic-authenticator",
|
|
"authenticatorFlow": false,
|
|
"requirement": "REQUIRED",
|
|
"priority": 10,
|
|
"autheticatorFlow": false,
|
|
"userSetupAllowed": false
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"authenticatorConfig": [
|
|
{
|
|
"id": "2c59769e-dc23-4813-8ab7-deaa7cde4de5",
|
|
"alias": "create unique user config",
|
|
"config": {
|
|
"require.password.update.after.registration": "false"
|
|
}
|
|
},
|
|
{
|
|
"id": "49f039b3-3d77-43d1-9a32-706285b18e3d",
|
|
"alias": "review profile config",
|
|
"config": {
|
|
"update.profile.on.first.login": "missing"
|
|
}
|
|
}
|
|
],
|
|
"requiredActions": [
|
|
{
|
|
"alias": "CONFIGURE_TOTP",
|
|
"name": "Configure OTP",
|
|
"providerId": "CONFIGURE_TOTP",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 10,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "TERMS_AND_CONDITIONS",
|
|
"name": "Terms and Conditions",
|
|
"providerId": "TERMS_AND_CONDITIONS",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 20,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PASSWORD",
|
|
"name": "Update Password",
|
|
"providerId": "UPDATE_PASSWORD",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 30,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "UPDATE_PROFILE",
|
|
"name": "Update Profile",
|
|
"providerId": "UPDATE_PROFILE",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 40,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "VERIFY_EMAIL",
|
|
"name": "Verify Email",
|
|
"providerId": "VERIFY_EMAIL",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 50,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "delete_account",
|
|
"name": "Delete Account",
|
|
"providerId": "delete_account",
|
|
"enabled": false,
|
|
"defaultAction": false,
|
|
"priority": 60,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "webauthn-register",
|
|
"name": "Webauthn Register",
|
|
"providerId": "webauthn-register",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 70,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "webauthn-register-passwordless",
|
|
"name": "Webauthn Register Passwordless",
|
|
"providerId": "webauthn-register-passwordless",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 80,
|
|
"config": {}
|
|
},
|
|
{
|
|
"alias": "update_user_locale",
|
|
"name": "Update User Locale",
|
|
"providerId": "update_user_locale",
|
|
"enabled": true,
|
|
"defaultAction": false,
|
|
"priority": 1000,
|
|
"config": {}
|
|
}
|
|
],
|
|
"browserFlow": "browser",
|
|
"registrationFlow": "registration",
|
|
"directGrantFlow": "direct grant",
|
|
"resetCredentialsFlow": "reset credentials",
|
|
"clientAuthenticationFlow": "clients",
|
|
"dockerAuthenticationFlow": "docker auth",
|
|
"attributes": {
|
|
"cibaBackchannelTokenDeliveryMode": "poll",
|
|
"cibaExpiresIn": "120",
|
|
"cibaAuthRequestedUserHint": "login_hint",
|
|
"oauth2DeviceCodeLifespan": "600",
|
|
"oauth2DevicePollingInterval": "5",
|
|
"parRequestUriLifespan": "60",
|
|
"cibaInterval": "5",
|
|
"realmReusableOtpCode": "false"
|
|
},
|
|
"keycloakVersion": "22.0.0",
|
|
"userManagedAccessAllowed": false,
|
|
"clientProfiles": {
|
|
"profiles": []
|
|
},
|
|
"clientPolicies": {
|
|
"policies": []
|
|
}
|
|
}
|